hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

6868 Commits

Author SHA1 Message Date
Paolo Tranquilli
b5165e3692 C++: more fine-grained Operand location change 
Only RegisterOperands need the change, with the notable exception of
ThisArgumentOperand.
 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
5202f963dd C++: sync Operand source 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
74c0197544 C++: take IR Operand locations from definitions 
Previously Operand's getLocation would take it from the Operand use.
This lead to slightly confusing query results, where for example an
issue related to a call argument would highlight the function part of
the call instead of the parameter.
 2021-11-23 15:28:15 +00:00
Tom Hvitved
83d204d7a8 Merge pull request #7218 from hvitved/ssa/fix-consistency-tests 
Ruby: Fix SSA consistency tests + CFG bug
 2021-11-23 16:24:41 +01:00
Tom Hvitved
0bd587b395 Shared SSA: Sync files 2021-11-23 13:30:37 +01:00
Mathias Vorreiter Pedersen
672485ae38 Merge branch 'main' into remove-reference-to-as-load 2021-11-23 10:24:17 +00:00
Mathias Vorreiter Pedersen
21167f4b67 C++: Accept test changes. 2021-11-22 13:04:23 +00:00
Mathias Vorreiter Pedersen
f308be7382 C++: Restore the missing flow. This has a couple of side-effects: First, it gives us some new good flow (yay). Second, it causes some duplication of results that uses 'argv' as a taint source. The duplication isn't very bad, though. And since it is only for paths that start at 'argv', I think we can live with it for now. 2021-11-22 13:04:07 +00:00
Mathias Vorreiter Pedersen
74221f4aba Merge pull request #7209 from geoffw0/experimental-tests 
C++: Move experimental test.
 2021-11-22 13:01:52 +00:00
Geoffrey White
6f2b528a32 C++: Move experimental test. 2021-11-22 11:02:06 +00:00
Tom Hvitved
2b2ff7717e Merge pull request #7179 from hvitved/ruby/shared-ssa-consistency 
Ruby: Move SSA consistency queries into shared SSA library
 2021-11-19 13:49:25 +01:00
Tom Hvitved
4068cc9c3a Shared SSA: Sync files 2021-11-19 11:31:28 +01:00
Erik Krogh Kristensen
011fc20963 use matches instead of regexpMatch 2021-11-18 15:41:25 +01:00
Mathias Vorreiter Pedersen
c998370c84 C++: Accept more test changes. 2021-11-17 15:22:17 +00:00
Mathias Vorreiter Pedersen
36585a7469 C++: Accept test changes. 2021-11-17 14:41:30 +00:00
Mathias Vorreiter Pedersen
6dc6a78293 C++: Add a 'IteratorByPointer' class so pointers are always iterators. 2021-11-17 14:41:19 +00:00
Geoffrey White
d232283647 Merge pull request #7149 from geoffw0/non-https-url2 
C++: Minor improvements to 'Failure to use HTTPS URLs' query
 2021-11-17 10:05:30 +00:00
Paolo Tranquilli
2ce5b85db4 Merge pull request #7112 from github/redsun82/frontend-update 
c++: update ir tests after frontend update
 2021-11-16 16:30:34 +01:00
Geoffrey White
ea9640a39d C++: Autoformat. 2021-11-16 14:26:42 +00:00
Anders Schack-Mulligen
c70d384d28 Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths 
Data flow: Support hidden return nodes in subpaths predicate
 2021-11-16 15:04:51 +01:00
Paolo Tranquilli
8d3cf7f5aa C++: update ir tests after frontend update 
After updating the frontend new intermediate objects appear in the AST
and raw dumps.
 2021-11-16 13:25:32 +00:00
Geoffrey White
5ef71e6ef3 C++: Add a few more sinks. 2021-11-16 13:02:56 +00:00
Geoffrey White
aafa5762ad C++: Add a CWE tag associated with OWASP A8. 2021-11-16 11:21:25 +00:00
Mathias Vorreiter Pedersen
71c279f537 Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-16 09:14:02 +00:00
Mathias Vorreiter Pedersen
3f0bfe1d75 C++: Remove the implicit assumption about the existence of a lower bound implying the existence of an upper bound (and vice veraa). 2021-11-15 13:39:15 +00:00
Mathias Vorreiter Pedersen
63f50a9eb7 C++: Cleanup the case for possibly-negative unsigned values. 2021-11-15 13:31:51 +00:00
Mathias Vorreiter Pedersen
9a9f7943aa C++: Fix bug for exact powers of 10 and accept test changes. 2021-11-15 13:20:45 +00:00
Mathias Vorreiter Pedersen
53884915a5 C++: Add more tests (which demonstrate a couple of bugs in the implementation). 2021-11-15 13:18:30 +00:00
Mathias Vorreiter Pedersen
c2e057def9 Merge pull request #7094 from geoffw0/non-https-url 
C++: New query 'Failure to use HTTPS URLs'
 2021-11-15 10:00:19 +00:00
Mathias Vorreiter Pedersen
982de28b89 Update cpp/ql/lib/semmle/code/cpp/commons/Printf.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-11 13:19:13 +00:00
Geoffrey White
ea580cd9c0 C++: Add explanatory comments. 2021-11-11 11:49:51 +00:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Anders Schack-Mulligen
7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Geoffrey White
901919f7ff C++: Add tests expanding on the issue with (global) variables. 2021-11-11 09:40:03 +00:00
Geoffrey White
43ff3b1c80 C++: Address review comment. 2021-11-11 09:39:59 +00:00
Mathias Vorreiter Pedersen
bf9b8cfff0 Merge pull request #6947 from ihsinme/ihsinme-patch-077 
CPP: Add query for CWE-377 Insecure Temporary File
 2021-11-11 09:02:04 +00:00
Geoffrey White
9a1b98e1d9 C++: Fix qhelp example link. 2021-11-10 17:54:05 +00:00
Geoffrey White
c29011a5cf C++: Add more sinks. 2021-11-10 16:43:28 +00:00
Geoffrey White
ae622bd482 C++: Use hasGlobalOrStdName. 2021-11-10 14:57:07 +00:00
Anders Schack-Mulligen
6d9fb3ca43 Dataflow: Sync. 2021-11-10 15:11:13 +01:00
Mathias Vorreiter Pedersen
ccdaf49464 C++: Fix the same bug in the test for ordered maps. 2021-11-10 13:24:27 +00:00
Mathias Vorreiter Pedersen
86d78b34aa C++: Use the correct variable in the 'test'. 2021-11-10 13:04:48 +00:00
Geoffrey White
2f39c64cc2 C++: Fix character in qhelp. 2021-11-10 11:23:57 +00:00
Mathias Vorreiter Pedersen
e2ab1c8c5e Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-10 08:28:43 +00:00
ihsinme
a0448240aa Update InsecureTemporaryFile.expected 2021-11-10 09:23:51 +03:00
ihsinme
7514fe2b45 Update test.cpp 2021-11-10 09:22:58 +03:00
ihsinme
289d58745a Update InsecureTemporaryFile.ql 2021-11-10 09:22:03 +03:00
Geoffrey White
26e9adcc34 C++: Change note. 2021-11-09 19:39:21 +00:00
Geoffrey White
ef21d1b512 C++: Add a model for curl as well. 2021-11-09 19:32:43 +00:00
Geoffrey White
6388ac5f1d C++: Add tests. 2021-11-09 18:41:57 +00:00